Ransomware is one of the biggest cyber threats facing businesses today. These attacks have had a lot of prominence in the media, leading organisations to question their own state of security and reassess their risk.
What is ransomware?
Ransomware is a malicious piece of software, or malware, that bad actors use to infect systems and block user access to files and other important data by encrypting them. A large sum of money (the ransom) is then demanded in order to regain that access.
Ransomware can get into your computer in a number of ways such as:
- Phishing emails: A social engineering tactic commonly used by hackers, phishing emails may contain links or attachments carrying ransomware which, if clicked or downloaded, can infect your systems.
- USB devices: If you find a USB stick lying around, the last thing you should do is plug it into your computer. A compromised USB device can infect your machine with a keylogger or ransomware.
- Fake applications: Applications and websites designed by hackers may be made to look trustworthy but in reality are harbouring malware ready to download onto your systems. This is why you should only use applications from trusted developers or on an approved list within your organisation.
- Out-of-date software: Software no longer supported by the developer is called end-of-life. It will not receive important security updates and could be exposing vulnerabilities for hackers to exploit with malware.
- Compromised web pages: Ransomware can use vulnerabilities in your web browser to infect your device. Alternatively, the web page you land on may be malicious and cause you to accidentally download the malware.
Paying the ransom
Ransomware attacks can seriously impact an organisation and, although businesses are frequently told not to pay the ransom, many do so because they are concerned about operational downtime and the loss of data. Ransom payments can be significant: in 2021, global meat processing company JBS paid an $11m ransom.
In general, it’s always best to avoid any sort of exchange with hackers and instead focus on following your disaster recovery plan. It’s worth noting that companies often pay the ransom and the hackers still don’t release their data.
As long as ransomware hackers continue to get paid, ransomware will remain a threat, but for some businesses the cost of losing data is so great that they see no other option than to pay.
Preventing Ransomware attacks
Of course, the best solution is to ensure you have the appropriate measures in place to protect against malware in the first place. Every company can do more to limit the chance of an attack succeeding by implementing good cyber security policies and processes, and so avoid the repercussions of ransomware.
Back up regularly
What would you do if your data gets encrypted and held for ransom by hackers?
One of the biggest concerns in a ransomware attack is losing access to your data, so the best action your company can take is to back up that data regularly.
You should create several backups of important data, including at least one that is offline and off-site or in a cloud service, which is a popular option for businesses.
This matters because if malware infects your systems, it can spread throughout your network and encrypt or damage any backups reachable from it. By using a variety of backup solutions and keeping multiple copies, you ensure that you’ll always have a clean copy of your data.
You should test the restoration process regularly too, making sure backups run smoothly. Don’t forget to scan them for malware beforehand too!
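Testing a restore means more than checking that files exist. The following added example (not part of the original article) records a SHA-256 manifest at backup time and compares a restored tree against it, so that files a ransomware infection has encrypted, renamed or removed in the backup show up as mismatches before you rely on them. The directory layout and file names are constructed for the demonstration.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path


def file_sha256(path: Path) -> str:
    """Hash a file in 1 MiB chunks so large backups do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every file under root (relative POSIX path) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): file_sha256(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_restore(restored_root: Path, manifest: dict) -> dict:
    """Compare a restored tree against the manifest taken when the backup was made.

    'missing'   : files in the manifest that did not come back
    'modified'  : files whose content no longer matches (e.g. encrypted in place)
    'unexpected': files that were not in the original backup (e.g. renamed ciphertext)
    """
    current = build_manifest(restored_root)
    return {
        "missing": sorted(set(manifest) - set(current)),
        "modified": sorted(p for p in manifest if p in current and current[p] != manifest[p]),
        "unexpected": sorted(set(current) - set(manifest)),
    }


def demo() -> dict:
    """Constructed scenario: a backup is taken, then the stored copy is tampered with."""
    with tempfile.TemporaryDirectory() as tmp:
        src = Path(tmp) / "data"
        (src / "reports").mkdir(parents=True)
        (src / "reports" / "q1.csv").write_text("id,amount\n1,100\n")
        (src / "notes.txt").write_text("keep me\n")
        manifest = build_manifest(src)            # recorded alongside the backup
        restored = Path(tmp) / "restored"
        shutil.copytree(src, restored)            # stand-in for the restore step
        victim = restored / "reports" / "q1.csv"  # simulate damage to the stored copy
        victim.write_bytes(b"\x00junk\xff")
        victim.rename(victim.with_name("q1.csv.locked"))
        (restored / "notes.txt").write_text("keep me\nchanged\n")
        return verify_restore(restored, manifest)
```

Store the manifest with the offline copy, not only on the live network, so an attacker who reaches the backup cannot silently rewrite both.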
With human error being the number one cause of cyber attacks, offering cyber security awareness training to employees is essential.
Helping your workforce know how to spot signs of ransomware can help protect your organisation against such attacks.
Often malware enters systems via a malicious email. These social engineering attacks are more sophisticated than ever, so it takes an extra cautious eye to spot something phishy.
Employees should always be hesitant about opening links and attachments, whether the sender appears to be someone they know or not.
Checking that the sender’s email domain is legitimate and hovering your mouse over links to check the destination URL are quick ways to double check if you’re suspicious. It may seem like a pain, but these additional checks could make all the difference.
Minimise the spread of malware
As previously mentioned, malware can extend its reach by spreading to other devices on the same network. But there are things you can do to prevent this from happening.
Network services such as mail filtering, which helps spot phishing emails, and internet security gateways, which inspect web requests and identify malware, can help you take control and be more secure as an organisation.
Web browsers and search engines have continually updated safe browsing lists which keep track of harmful websites, preventing access to them.
Hackers might also try to gain remote access to a device on your company’s network via Remote Desktop Protocol (RDP) using an employee’s leaked credentials, for example. They can then download malware straight onto the machine.
The best way to fight back against these methods is to strengthen user authentication measures. Enabling multi-factor authentication at all remote access points will make it much harder for an attacker to breach your network. Regularly reviewing and removing any unnecessary user permissions is also good practice.
Out-of-date or end-of-life software is a huge security risk, as hackers will often study the vulnerabilities fixed in the latest security patches and use them to target companies that have not brought their software up to date.
End-of-life software, i.e. software no longer supported by the developer, should be removed so that bad actors cannot take advantage of its unpatched vulnerabilities.
Poorly patched devices were largely to blame for the severity of the WannaCry attack in 2017. Many of the affected Windows computers were not patched with the latest security update from Microsoft, allowing the malware to spread rapidly. It’s estimated that there were around $4bn in financial losses.
As techniques and technology evolve, bad actors will still find ways to bypass the security measures you implement, so it’s always important to be prepared for a ransomware attack.
- Perform a risk assessment: identify critical assets within your organisation and assess the impact should that data be leaked or damaged.
- Determine responses: Know who in your organisation is going to be responsible for reporting a ransomware attack and who is going to communicate with relevant stakeholders. You should also decide how you will respond to the ransom itself - will you operate a ‘100% no-pay’ policy?
- Test the restoration process: Ensure you’re confidently able to restore important data from backups and that this happens in a timely manner so as not to affect business operations. Also establish how long it will take to re-configure affected devices after an attack.
- Know your legal obligations: Are you required to report an incident within a specific amount of time? For example, in the UK you are required to notify the ICO of any incident without undue delay and no later than 72 hours after becoming aware of it.
- Stay informed: keep up to date with the latest attacks and ransomware trends so you can be on the lookout for particular threats and address any related risks you might have as an organisation.
Prevention is always the preferable approach to security, but if you’ve already been attacked it’s helpful to know what your immediate actions should be to get you out of the woods.
- Always disconnect devices that you think are infected to avoid allowing malware to spread across your network
- Reset your user credentials, particularly for admin accounts which handle core system settings
- Wipe infected devices and scan for malware
- When you’re ready to restore your data from a backup, make sure that backup is clean and safe to restore onto your device.
- Similarly, reconnect the device to a clean network for installing and updating other software.
- Use antivirus software to scan for any remaining malware.
Preventing ransomware attacks with Cyber Essentials
By aligning your security with the five critical controls of the Cyber Essentials standard, you can reduce your risk of being attacked by up to 80%. These controls cover key measures for preventing ransomware, including patching devices, managing access privileges and improving password health.
To find out more about the scheme and its benefits, download our Ultimate Guide to Cyber Essentials.